Amid the chaos and uncertainty, 2020 has created an almost ideal environment for cybercriminals. COVID-19 has changed the way we live, and almost ten months later, the pandemic is raging and cybersecurity threats are intensifying.
Cybersecurity challenges will only get worse in 2021
To say that 2020 was a difficult year is an understatement. But even with all the issues (many of which are still far from solved), we will have to reckon with the consequences of the year: from violations coming from a remote employee, to vulnerabilities of Internet of Things devices already used by millions. This year has also reminded us of the resilience of the security industry, with which we are more prepared for new challenges than we think.
Attackers see opportunities in these turbulent times, which is why the world, including institutions from hospitals to schools, has faced unprecedented cyber threats this year.
By November, more than 28,000 common vulnerabilities (CVE) had been reported, not to mention countless of those problems that were simply not reported. Not surprisingly, as initial concern about the pandemic grew in the first quarter of 2020, there was an increase in targeted attacks – by 61%, compared to the last quarter of 2019.
As we look forward to 2021, we need to understand that there are many necessary tools to address these challenges. In many cases, it’s just a matter of time and technology.
Ransomware attacks are still trivial and cause unprecedented harm. As malware, DDoS, and phishing threats have steadily grown, security professionals have been on high alert all year, struggling to protect hospitals in the midst of a pandemic, secure the U.S. presidential election, and protect businesses, following a rapid shift to remote work and digital experiences for consumers. The cybersecurity industry needs to team up with governments, combine tools with policies, and solve some of these simple but incredibly harmful problems once and for all.
After a year of high rates and alarming new records, here’s what the world expects in the coming year:
- Consequences of remote work
According to IBM, about two-thirds of senior executives said the pandemic has accelerated their digital transformation plans. This acceleration is often associated with significant architectural changes, leaving critical security vulnerabilities exposed.
Given these new and unprotected vulnerabilities, the number of breaches is likely to increase next year. After the changes, no major data leaks due to individual employees ‘ homes and personal technology have yet occurred. This is likely to change in 2021, as attackers will start attacking unprotected perimeters.
The adoption of new standards for remote work makes staff more resilient to business continuity issues, but also creates new challenges. Traditional infrastructure, such as telecommunications, is focused on urban centers and traditional jobs. Currently, networks in small cities are facing loads that could not have been dreamed of a year ago, and cellular nodes located further from large commercial centers receive more traffic than stations in former business parks and coworking places. Similarly, business-critical traffic passes through networks that are not included in the plans until 2020, which creates serious problems.
- The Internet of Things and Smart Devices – the Achilles heel of global networks
In 2021, increased demand for Internet of Things (IoT) solutions will also be driven by the introduction of connected medical devices, smart offices and remote asset monitoring. The Covid-19 pandemic and the introduction of 5g networks will force businesses to increasingly rely on iot technologies.
The pandemic has fundamentally changed the way we think about the workplace. According to a report published by Forrester, at least 80% of firms will develop comprehensive local strategies to return to work in the office after the next lockdown, which include IoT applications to improve employee safety, and improve resource efficiency. An increasing number of organizations will start connecting more of their assets to the network to enable remote management.
Unfortunately, with a large number of connected devices, security is not provided. Moreover, most of them will be poorly configured, which will expose organizations and individuals to cyber attacks.
Attackers will focus their efforts on targeting vulnerable systems in the Internet of things with the help of specially designed malware. This will increase the number and scale of new IoT botnets, some of which will be based on well-known malware such as the Mirai bot. The proliferation of IOT devices will attract ransomware gangs that can develop specific malware variants to target these systems.
Attacks on consumer and industrial iot devices, including smart homes, smart meters and connected cars, are already happening. Unlike the usual ransomware attacks, this software aims to gain control of the connected system with malicious code, causing it to work incorrectly (i.e. manipulate), and leaving the victim with no choice but to pay a ransom to restore normal operation.
2021 will be the year of the first ransomware attacks on the Internet of Things.
- The number of ransomware attacks is growing
The year 2020 ends with an unprecedented surge in the use of ransomware, hitting well-known organizations around the world, as well as the apparent commercialization of these criminal groups.
In 2021, most attacks will exploit known vulnerabilities in target systems to gain access to target networks and manually deploy ransomware. In response to the ongoing COVID-19 pandemic, an increasing number of organizations are allowing their employees remote access to their resources, thereby increasing the surface for attacks. Unpatched systems and poorly protected access points will allow attackers to compromise a large number of companies.
Most cyber attacks will be targeted, and ransomware operators will choose their victims carefully.
Virtually any ransomware group or cartel will adopt a double-extortion model, meaning that they will initially extract data from victims to threaten them with leaking stolen information if the ransom is not paid.
The Crimeware-as-a-Service (CaaS) model will continue to allow both technically inexperienced criminals and advanced attackers to quickly organize sophisticated cyber attacks.
The most profitable services and products that will be offered using the CaaS model in 2021 are ransomware, malware, DDoS-for-hire services, spam services and RDP access.
Attackers with advanced threats will use these services to make it difficult to attribute attacks and quickly organize operational operations. In the coming months, major botnet operations that offer an implementation of this model, such as Emotet and Trickbot, will become the main cause of infections on a global scale.
Implementing a modular structure for these malicious programs allows you to resell and lease sections of your malicious code to cybercriminals without compromising their main distinguishing features.
Clients of malware operators will distribute them by applying their own tactics, methods and procedures, and in some cases using them in targeted attacks.
This will increase professionalism in the field of cybercrime threats. Some criminal organizations will focus on offering criminal services and products to other criminal groups instead of directly targeting users and organizations with their tools.
- Attack on the basis of the AI is a dangerous threat
Increasingly, hackers will benefit from the introduction of artificial intelligence to perform malicious actions. In 2021, the introduction of AI-based attack platforms will allow attackers to increase the efficiency of their operations by simulating the reaction of targets and trying to elude them in real time.
The introduction of AI-based systems in disinformation campaigns conducted by nation-state hackers will become a frightening reality with deep-seated fakes that will spread through social media and instant messaging apps to influence public sentiment on specific topics that fuel civil unrest. .
The good news is that ai is also being used for security purposes, to speed up the detection of complex cyber threats, and to provide a quick response to block early on.
The introduction of AI changes the rules of the game for digital twin solutions, which will become even more popular in the cybersecurity industry.
A digital twin is a computer model that reflects and simulates the operation of real infrastructure and its interactions with the environment, including cybersecurity threats. This method is still at an early stage of development, and artificial intelligence technologies will help its rapid spread.
AI will help create accurate” digital doubles ” of the infrastructure, creating a digital representation of it based on the analysis of past campaigns. In this way, vulnerabilities and attack patterns can be quickly identified, and appropriate countermeasures can be implemented before attackers can exploit them in a real-world scenario.
- State-sponsored hacking as a threat to sovereignty
The ongoing pandemic and escalating tensions mean that States will be more active in cyberspace next year. In 2021, there will be a significant increase in the number of government-sponsored cyber espionage campaigns.
In the first half of the year, the industries that will be affected by the attacks will be the healthcare and pharmaceutical sectors, as well as universities and government contractors.
Government-sponsored attackers aim to gather information about strategic intellectual property that could give their governments a technological and economic advantage in a post-covid-19 world.
The ongoing pandemic is hampering treatment and preventive screening for diseases such as cancer. After a pandemic, the incidence of cancer will begin to rise rapidly. For this reason, new technologies and medicines will be needed to stop the emergency. Organizations and companies involved in the development of new treatments will be targeted by national government actors.
APT groups will conduct numerous operations against countries around the world. The level of complexity of these campaigns will continue to grow, which will make it impossible to attribute the attack to specific threat participants.
National actors will also be responsible for sabotage and disinformation campaigns. The latter will be aimed at destabilizing Governments.
In 2021, cybercrime organizations will step up their activities in cyberspace. It is not sad, but they will be joined by state structures that are very profitable for industrial espionage. The ongoing Covid-19 pandemic will provide them with new opportunities to fight businesses, government organizations and citizens around the world.
We are in the midst of a perfect artificial storm. For this reason, the multi-level approach to cybersecurity and the involvement of private and public stakeholders is needed to prevent even more serious consequences of cyber attacks in the next year.
Attacks will continue to evolve, but so will our ability to evaluate them.
Next year, new areas of the security industry will come into their own. The challenges we’ve faced this year – securing a distributed workforce, bursts of ransomware and phishing, targeted attacks on critical industries, and more-will trigger a new wave of innovation. Behavioral analytics, device identification, and intelligent risk management will be critical areas for the development of the industry.